I've seen this topic come up a few times recently, but I'm afraid I'm still not sure what, if anything, I'm doing wrong.
I've set up CAS server 3.4.11 and can successfully authenticate against our LDAP. I'm now trying to set up/test attribute release using this wiki page as a reference:

<https://wiki.jasig.org/display/CASUM/Attributes>

I have the following defined in deployerConfigContext.xml:

    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=people,dc=hawaii,dc=edu" />
        <property name="requireAllQueryAttributes" value="true" />

        <!--
          Attribute mapping between principal (key) and LDAP (value) names
          used to perform the LDAP search. By default, multiple search
          criteria are ANDed together. Set the queryType property to change
          to OR.
        -->
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>

        <property name="resultAttributeMapping">
            <map>
                <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
                <entry key="cn" value="fullName"/>
                <entry key="uhUuid" value="uhNumber"/>
                <entry key="eduPersonAffiliation" value="uhAffiliation"/>
                <entry key="eduPersonOrgDN" value="uhOrg"/>
                <entry key="uhOrgAffiliation" value="uhOrgAffiliation"/>
            </map>
        </property>
    </bean>

If I log in with the .../cas/login servlet, I see the following in the log:

    2012-05-30 17:22:31,472 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: baron]
    2012-05-30 17:22:31,577 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[baron]}' for uid='baron'
    2012-05-30 17:22:31,577 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[baron]}' for uid='baron'
    2012-05-30 17:22:31,578 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'uid' with value '[baron]' to query builder 'null'
    2012-05-30 17:22:31,578 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'uid' with value '[baron]' to query builder 'null'
    2012-05-30 17:22:31,580 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(uid=baron)' from query Map {username=[baron]}.
    2012-05-30 17:22:31,580 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(uid=baron)' from query Map {username=[baron]}.
    2012-05-30 17:22:31,688 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal baron
    2012-05-30 17:22:31,688 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Principal found: baron

I don't see any indications that it's retrieving or mapping the attributes configured above. Should I? I don't see any errors either though, so I'm probably missing something more basic.

(I'm also not sure why I'm seeing repeated log entries for org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao.

    <logger name="org.jasig.services.persondir">
        <level value="DEBUG" />
        <appender-ref ref="cas" />
    </logger>

is the only DEBUG I've set in log4j.xml. It would be nice to clean that up too.)

Aloha,
-baron
--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
